CSS - Radius authentication problem

Unanswered Question
Nov 13th, 2008


for a customer we need to configure Radius authentication working like this:

- CSS administrator login to device at user level

- then switch to "enable" mode using a superuser level account.

First login to CSS with a Radius account at user level works fine, but (after enable command) the login at superuser level doesn't work neighter with Radius account nor with local superuser account.


This is the configuration:

radius-server primary secret XXX auth-port 1645

radius-server source-interface

sntp primary-server version 3

date european-date

radius-server secondary secret XXX auth-port 1645

radius-server dead-time 15

radius-server retransmit 15

radius-server timeout 15

virtual authentication primary radius

virtual authentication secondary local

username ZZZ des-password ZZZ superuser

Any idea?

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Thu, 11/13/2008 - 02:12

is your server correctly configured as described at :


"From the Group Settings section of the Cisco Secure ACS HTML interface, click the IETF RADIUS Attributes, [006] Service-Type checkbox. Then select Administrative. Administrative is required to enable RADIUS authentication for privileged user (SuperUser) connection with the CSS. "



This Discussion